Finally create a configuration file named mod_security.conf in the Apache Configuration Directory: /usr/local/apps/apache/etc/conf.d/ for the module itself, add the following content to the fileContent for mod_security.conf

Now restart Apache to load all the configuration files using the following command:

service httpd restart

Testing the configuration :

Once everything is configured properly, test mod_security module by sending some malicious requests to Apache web server and see if the requests are being blocked or not.

Visit the following URL in the browser

http://your-doamin/?q="><script>alert(1)</script>

You should see a 403 Forbidden response displayed by the browser.

403 Forbidden

Forbidden

You don't have permission to access /
on this server.

Apache Server at {YOUR_IP} Port 80

Note: Please make sure you have index.php or index.html in the root directory of your domain

The last update to the all the PHP versions was supposed to fix the Hard Reboot issue if PHP was running as a FPM service.

Due to a bug the issue was not fixed and it continued to exist, today after reviewing the bug the team has launched all the PHP versions with updated service file to fix the Hard Reboot issue.

If you have installed multiple PHP version’s we encourage you to update all the PHP’s instead of the default one as the fix requires all the PHP’s installed on your server to have the updated service for the fix to work correctly.

Lastly, we have an version update for PHP 7.2:Change log for PHP 7.2 can be checked at the following link:
http://sg2.php.net/ChangeLog-7.php#7.2.7

We hope this update fixes most of the 50x errors encountered for your websites.

Let me know in the comments if you are facing any issues with the upgrade or want to know more about the new service file, I will try to answer as many as I can.

The Webuzo Team has launched phpMyAdmin 4.8.2 the latest version in the release branch.

Please check the change log below:

The urgent vulnerability allows an authenticated attacker to exploit a phpMyAdmin feature to show and potentially execute files on the server. PHP open_basedir restrictions mitigate the effect of this flaw. For further details, see the PMASA announcement.

A second flaw was also fixed allowing an attacker to use a specially crafted database name to trick a user in to executing a cross-site scripting (XSS) attack in the Designer feature.

In addition to the security fixes, this release also includes these bug fixes as part of our regular release cycle:

WHERE 0 clause causes a fatal error

Fix missing “INDEX” icon

Known issues:

Unable to log in with MySQL 8.0.11 (bug #14220, see also https://bugs.php.net/bug.php?id=76243)

A few users have reported being unable to log in with a persistent error message “Failed to set session cookie. Maybe you are using HTTP instead of HTTPS”. In some cases, clearing the phpMyAdmin cookies (‘pma*’) resolves the issue.

If you have any questions regarding the upgrade or any issues after upgrade let me know in the comments.

The Webuzo team has launched support for Ubuntu based servers for MySQL 5.7 after the initial release only supported CentOS servers.

Users who have already installed MySQL 5.7 on their CentOS servers might see an update in their End User panel, you can ignore it and not install the update as the changes are only related to Ubuntu and nothing has changed for CentOS based servers.

We are still working on the process for upgrading existing user’s who are using MySQL 5.5 or 5.6 to MySQL 5.7, so stay tuned.

We are glad to announce that we have added SSL/TLS as well as SMTP AUTH support for Exim and Dovecot.

By default the self-signed certificate generated by Webuzo will be used to configure SSL/TLS but if you are using any 3rd party or Let’s Encrypt certificate for Webuzo panel then that certificate will be used.

We have also enabled SMTP AUTH by default so that all accounts must verify themselves with the mail server before sending any emails.

You can refer this guide to configure your email account with Thunderbird:
https://www.webuzo.com/wiki/Email_Account_Mozilla_Thunderbird

And refer this link to configure your email account with Outlook:
https://www.webuzo.com/wiki/Email_Account_Outlook

We will be adding more guides in the coming weeks for Web-based email clients like: WebMail Lite, RoundCube and RainLoop

The Next release of Webuzo i.e 2.7.1 will include a GUI manager to configure certificates for Email SSL/TLS.

Let me know if you have any questions in the comment section, I will try to answer as many as I can.